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CLAIMS 

1. A method of conducting a transaction between a first entity and a second entity 
where as part of the transaction the second entity or an examination agent operating 
on behalf of the second entity requires information to assess a level of risk 
associated with transacting with the first entity, the method comprising the steps of: 

a) a data processor acting on behalf of the first entity requesting a data 
processor acting on behalf of the second entity to provide data about itself; 

b) the data processor acting on behalf of the first entity analysing the response 
and determining an assessment of trust of the data processor operating on 
behalf of the second entity; 

c) defining a pseudonymous identity for the first entity; and 

d) providing data about the first entity to the second entity where data is 
selectively withheld or generalised in response to the assessment of trust. 

2. A method of conducting a transaction as claimed in claim 1, in which the method 
further comprises the step of entering into a contract for the transaction based on 
data provided about the first entity such that the identity of the first entity remains 
unknown to the second entity. 

3. A method as claimed in claim 1, in which the transaction is the purchase of 
insurance, and for a given type of insurance the pseudonymous identity is 
associated with sufficient information to enable the insurer or an insurance 
examination agent to assess a level of risk for pricing or issuing an insurance. 

4. A method as claimed in claim 3, in which, when seeking to claim on the insurance 
policy, the data pertaining to the first entity are made available to the insurer in 
order that the insurer can validate that there is an acceptable level of correlation 
between the pseudonymous identity and the first entity. 

5. A method as claimed in claim 1, in which the first entity submits their information 
or responses via a trusted computer, and wherein a trusted platform module within 
the trusted computer generates a user identity which can be used in future to 
confirm the identity of the first entity. 
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6. A method as claimed in claim 1, in which the first entity enters their data onto a 
trusted computer together with their policy agent which defines how information 
relating to the first entity can be disclosed. 

7. A method as claimed in claim 4, in which the transaction relates to the purchase of 
insurance and the policy agent communicates with an insurance examination agent 
in order to negotiate and authorise an insurance policy. 

8. A method as claimed in claim 5, in which the transaction relates to the purchase of 
insurance and the trusted computing platform and a server running the examination 
agent authenticate with one another such that the policy issued to the first entity via 
the pseudonymous identity is linked to an identity used in the authentication or to a 
further identifier provided by the first entity. 

9. A method as claimed in claim 1, in which the generalised data is generated by a 
generalising agent acting in accordance with a user's security policy. 

10. A method of purchasing insurance, comprising the steps of: 

i) an insurer making its conditions for insurance available to a third party; 

ii) a customer making its responses to the conditions for insurance available to 
the third party, and 

iii) the third party analysing the responses and determining whether insurance 
can be offered to the customer and if so validating to the insurer that a 
policy has been issued to the customer and that the customer satisfies the 
insurer's conditions, wherein 

iv) the customer enters their data onto a trusted computer together with their 
policy agent which defines how information relating to the customer can be 
disclosed to an insurance examination agent, and the trusted computer 
interrogates the data processing environment and policies of the third party 
to determine how trustworthy the third parties is, and adjusts the way in 
which it discloses information about the customer on the basis of the 
determination of trustworthiness. 



11. A method as claimed in claim 10, in which the transaction is conducted 
electronically and in which the customer submits their information or responses via 
a trusted computer, and wherein a trusted platform module within the trusted 
computer generates a user identity which can be used in future to confirm the 
identity of the customer. 

12. A method as claimed in claim 3, in which, when seeking to claim on the insurance 
policy, the details of the first entity are made available to the insurer in order that 
the insurer can validate that there is an acceptable level of correlation between the 
generalised identity and the first entity. 

13. A method as claimed in claim 10, in which a pseudonymous identity is formed 
based on a generacised identity, the pseudonymous identity including 
pseudonymous information which can be exchanged with the insurer so that the 
insurer can validate that it is communicating with the first entity via its 
pseudonymous identity. 

14. An apparatus for conducting a transaction comprising a first data processor acting 
on behalf of a second entity, and where as part of the transaction the second entity 
or an examination agent operating on behalf of the second entity requires 
information to assess a level of risk associated with transacting with the first entity, 
wherein: 

a) the first data processor requests the second data processor to provide 
information about itself and the policies of the second entity; 

b) the first data processor analyses the response and assesses the amount of 
trust that should be attributed to the second data processor and/or the second 
entity; 

c) the first data processor defines a pseudonymous identity for the first entity; 
and 

d) the first data processor provides information about the first entity to the 
second data processor where information is associated with the 
pseudonymous identity and information is selectively withheld or 
generalised in response to the assessment of the amount of trust attributed to 
the second data processor. 
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An apparatus as claimed in claim 14, in which the first computer executes a policy 
agent which controls how information relating to the first entity is disclosed. 

An apparatus as claimed in claim 14, in which the first computer has a trusted 
platform module which generates a user identity which can be used to confirm the 
identity of the first entity. 



